Two years ago, researchers within the Netherlands discovered an intentional backdoor in an encryption algorithm baked into radios utilized by critical infrastructure–in addition to police, intelligence agencies, and military forces around the globe–that made any communication secured with the algorithm vulnerable to eavesdropping.
When the researchers publicly disclosed the problem in 2023, the European Telecommunications Standards Institute (ETSI), which developed the algorithm, advised anyone using it for sensitive communication to deploy an end-to-end encryption solution on top of the flawed algorithm to bolster the safety of their communications.
But now the identical researchers have found that at the least one implementation of the end-to-end encryption solution endorsed by ETSI has an identical issue that makes it equally vulnerable to eavesdropping. The encryption algorithm used for the device they examined starts with a 128-bit key, but this gets compressed to 56 bits before it encrypts traffic, making it easier to crack. It’s not clear who’s using this implementation of the end-to-end encryption algorithm, nor if anyone using devices with the end-to-end encryption is aware of the safety vulnerability in them.
The tip-to-end encryption the researchers examined, which is dear to deploy, is mostly utilized in radios for law enforcement agencies, special forces, and covert military and intelligence teams which can be involved in national security work and subsequently need an additional layer of security. But ETSI’s endorsement of the algorithm two years ago to mitigate flaws present in its lower-level encryption algorithm suggests it might be used more widely now than on the time.
In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based within the Netherlands, discovered vulnerabilities in encryption algorithms which can be a part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others because the ’90s. The failings remained unknown publicly until their disclosure, because ETSI refused for many years to let anyone examine the proprietary algorithms. The tip-to-end encryption the researchers examined recently is designed to run on top of TETRA encryption algorithms.